Configuring GLBP

• Configuring GLBP, on page 1

Configuring GLBP
Gateway Load Balancing Protocol (GLBP) protects data traffic from a failed device or circuit, like Hot Standby
Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP), while allowing packet load sharing
between a group of redundant devices.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Restrictions for GLBP

Enhanced Object Tracking (EOT) is not stateful switchover (SSO)-aware and cannot be used with GLBP in
SSO mode.

Prerequisites for GLBP

Before configuring GLBP, ensure that the devices can support multiple MAC addresses on the physical
interfaces. For each GLBP forwarder to be configured, an additional MAC address is used.

Configuring GLBP
1
 Configuring GLBP
Information About GLBP

Information About GLBP

GLBP Overview
GLBP provides automatic device backup for IP hosts configured with a single default gateway on an IEEE
802.3 LAN. Multiple first-hop devices on the LAN combine to offer a single virtual first-hop IP device while
sharing the IP packet forwarding load. Other devices on the LAN act as redundant GLBP devices that will
become active if any of the existing forwarding devices fail.
GLBP performs a similar function for the user as HSRP and VRRP. HSRP and VRRP allow multiple devices
to participate in a virtual device group configured with a virtual IP address. One member is elected to be the
active device to forward packets sent to the virtual IP address for the group. The other devices in the group
are redundant until the active device fails. These standby devices have unused bandwidth that the protocol is
not using. Although multiple virtual device groups can be configured for the same set of devices, the hosts
must be configured for different default gateways, which results in an extra administrative burden. The
advantage of GLBP is that it additionally provides load balancing over multiple devices (gateways) using a
single virtual IP address and multiple virtual MAC addresses. The forwarding load is shared among all devices
in a GLBP group rather than being handled by a single device while the other devices stand idle. Each host
is configured with the same virtual IP address, and all devices in the virtual device group participate in
forwarding packets. GLBP members communicate between each other through hello messages sent every 3
seconds to the multicast address 224.0.0.102, UDP port 3222 (source and destination).

GLBP Packet Types

GLBP uses 3 different packet types to operate. The packet types are Hello, Request, and Reply. The Hello
packet is used to advertise protocol information. Hello packets are multicast, and are sent when any virtual
gateway or virtual forwarder is in Speak, Standby or Active state. Request and Reply packets are used for
virtual MAC assignment. They are both unicast messages to and from the active virtual gateway (AVG).

GLBP Active Virtual Gateway

Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. Other
group members provide backup for the AVG if the AVG becomes unavailable. The AVG assigns a virtual
MAC address to each member of the GLBP group. Each gateway assumes responsibility for forwarding
packets sent to the virtual MAC address assigned to it by the AVG. These gateways are known as active
virtual forwarders (AVFs) for their virtual MAC address.
The AVG is also responsible for answering Address Resolution Protocol(ARP) requests for the virtual IP
address. Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC
addresses.
When the no glbp load-balancingcommand is configured, if the AVG does not have an AVF, it preferentially
responds to ARP requests with the MAC address of the first listening virtual forwarder (VF), which will
causes traffic to route via another gateway until that VF migrates back to being the current AVG.
In the figure below, Router A (or Device A) is the AVG for a GLBP group, and is responsible for the virtual
IP address 10.21.8.10. Router A is also an AVF for the virtual MAC address 0007.b400.0101. Router B (or
Device B) is a member of the same GLBP group and is designated as the AVF for the virtual MAC address
0007.b400.0102. Client 1 has a default gateway IP address of 10.21.8.10 and a gateway MAC address of
0007.b400.0101. Client 2 shares the same default gateway IP address but receives the gateway MAC address
0007.b400.0102 because Router B is sharing the traffic load with Router A.

Configuring GLBP
2
 Configuring GLBP
GLBP Virtual MAC Address Assignment

Figure 1: GLBP Topology

If Router A becomes unavailable, Client 1 will not lose access to the WAN because Router B will assume
responsibility for forwarding packets sent to the virtual MAC address of Router A, and for responding to
packets sent to its own virtual MAC address. Router B will also assume the role of the AVG for the entire
GLBP group. Communication for the GLBP members continues despite the failure of a device in the GLBP
group.

GLBP Virtual MAC Address Assignment

A GLBP group allows up to four virtual MAC addresses per group. The AVG is responsible for assigning
the virtual MAC addresses to each member of the group. Other group members request a virtual MAC address
after they discover the AVG through hello messages. Gateways are assigned the next MAC address in sequence.
A virtual forwarder that is assigned a virtual MAC address by the AVG is known as a primary virtual forwarder.
Other members of the GLBP group learn the virtual MAC addresses from hello messages. A virtual forwarder
that has learned the virtual MAC address is referred to as a secondary virtual forwarder.

GLBP Virtual Gateway Redundancy

GLBP operates virtual gateway redundancy in the same way as HSRP. One gateway is elected as the AVG,
another gateway is elected as the standby virtual gateway, and the remaining gateways are placed in a listen
state.
If an AVG fails, the standby virtual gateway will assume responsibility for the virtual IP address. A new
standby virtual gateway is then elected from the gateways in the listen state.

GLBP Virtual Forwarder Redundancy

Virtual forwarder redundancy is similar to virtual gateway redundancy with an AVF. If the AVF fails, one of
the secondary virtual forwarders in the listen state assumes responsibility for the virtual MAC address.
The new AVF is also a primary virtual forwarder for a different forwarder number. GLBP migrates hosts
away from the old forwarder number using two timers that start as soon as the gateway changes to the active
virtual forwarder state. GLBP uses the hello messages to communicate the current state of the timers.
The redirect time is the interval during which the AVG continues to redirect hosts to the old virtual forwarder
MAC address. When the redirect time expires, the AVG stops using the old virtual forwarder MAC address

Configuring GLBP
3
 Configuring GLBP
GLBP Gateway Priority

in ARP replies, although the virtual forwarder will continue to forward packets that were sent to the old virtual
forwarder MAC address.
The secondary holdtime is the interval during which the virtual forwarder is valid. When the secondary
holdtime expires, the virtual forwarder is removed from all gateways in the GLBP group. The expired virtual
forwarder number becomes eligible for reassignment by the AVG.

GLBP Gateway Priority

GLBP gateway priority determines the role that each GLBP gateway plays and what happens if the AVG
fails.
Priority also determines if a GLBP device functions as a backup virtual gateway and the order of ascendancy
to becoming an AVG if the current AVG fails. You can configure the priority of each backup virtual gateway
with a value of 1 through 255 using the glbp priority command.
In the "GLBP Topology" figure, if Router A (or Device A)—the AVG in a LAN topology—fails, an election
process takes place to determine which backup virtual gateway should take over. In this example, Router B
(or Device B) is the only other member in the group so it will automatically become the new AVG. If another
device existed in the same GLBP group with a higher priority, then the device with the higher priority would
be elected. If both devices have the same priority, the backup virtual gateway with the higher IP address would
be elected to become the active virtual gateway.
By default, the GLBP virtual gateway preemptive scheme is disabled. A backup virtual gateway can become
the AVG only if the current AVG fails, regardless of the priorities assigned to the virtual gateways. You can
enable the GLBP virtual gateway preemptive scheme using the glbp preempt command. Preemption allows
a backup virtual gateway to become the AVG, if the backup virtual gateway is assigned a higher priority than
the current AVG.

GLBP Gateway Weighting and Tracking

GLBP uses a weighting scheme to determine the forwarding capacity of each device in the GLBP group. The
weighting assigned to a device in the GLBP group can be used to determine whether it will forward packets
and, if so, the proportion of hosts in the LAN for which it will forward packets. Thresholds can be set to
disable forwarding when the weighting for a GLBP group falls below a certain value, and when it rises above
another threshold, forwarding is automatically reenabled.
The GLBP group weighting can be automatically adjusted by tracking the state of an interface within the
device. If a tracked interface goes down, the GLBP group weighting is reduced by a specified value. Different
interfaces can be tracked to decrement the GLBP weighting by varying amounts.
By default, the GLBP virtual forwarder preemptive scheme is enabled with a delay of 30 seconds. A backup
virtual forwarder can become the AVF if the current AVF weighting falls below the low weighting threshold
for 30 seconds. You can disable the GLBP forwarder preemptive scheme using the no glbp forwarder
preempt command or change the delay using the glbp forwarder preempt delay minimum command.

GLBP MD5 Authentication

GLBP MD5 authentication uses the industry-standard MD5 algorithm for improved reliability and security.
MD5 authentication provides greater security than the alternative plain text authentication scheme and protects
against spoofing software.
MD5 authentication allows each GLBP group member to use a secret key to generate a keyed MD5 hash that
is part of the outgoing packet. A keyed hash of an incoming packet is generated and, if the hash within the
incoming packet does not match the generated hash, the packet is ignored.

Configuring GLBP
4
 Configuring GLBP
GLBP Benefits

The key for the MD5 hash can either be given directly in the configuration using a key string or supplied
indirectly through a key chain. The key string cannot exceed 100 characters in length.
A device will ignore incoming GLBP packets from devices that do not have the same authentication
configuration for a GLBP group. GLBP has three authentication schemes:
• No authentication
• Plain text authentication
• MD5 authentication

GLBP packets will be rejected in any of the following cases:

• The authentication schemes differ on the device and in the incoming packet.
• MD5 digests differ on the device and in the incoming packet.
• Text authentication strings differ on the device and in the incoming packet.

GLBP Benefits

Load Sharing
You can configure GLBP in such a way that traffic from LAN clients can be shared by multiple devices,
thereby sharing the traffic load more equitably among available devices.

Multiple Virtual Devices

GLBP supports up to 1024 virtual devices (GLBP groups) on each physical interface of a device and up to
four virtual forwarders per group.

Preemption
The redundancy scheme of GLBP enables you to preempt an active virtual gateway (AVG) with a higher
priority backup virtual gateway that has become available. Forwarder preemption works in a similar way,
except that forwarder preemption uses weighting instead of priority and is enabled by default.

Authentication
GLBP supports the industry-standard message digest 5 (MD5) algorithm for improved reliability, security,
and protection against GLBP-spoofing software. A device within a GLBP group with a different authentication
string than other devices will be ignored by other group members. You can alternatively use a simple text
password authentication scheme between GLBP group members to detect configuration errors.

How to Configure GLBP

Customizing GLBP
Customizing the behavior of GLBP is optional. Be aware that as soon as you enable a GLBP group, that group
is operating. It is possible that if you first enable a GLBP group before customizing GLBP, the device could
take over control of the group and become the AVG before you have finished customizing the feature.
Therefore, if you plan to customize GLBP, it is a good idea to do so before enabling GLBP.

Configuring GLBP
5
 Configuring GLBP
Customizing GLBP

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface type number Specifies an interface type and number, and
enters interface configuration mode.
Example:

Device(config)# interface
GigabitEthernet 1/0/1

Step 4 ip address ip-address mask [secondary] Specifies a primary or secondary IP address

for an interface.
Example:

Device(config-if)# ip address 10.21.8.32

255.255.255.0

Step 5 glbp group timers [msec] hellotime [msec] Configures the interval between successive
holdtime hello packets sent by the AVG in a GLBP
group.
Example:
• The holdtime argument specifies the
Device(config-if)# glbp 10 timers 5 18 interval in seconds before the virtual
gateway and virtual forwarder
information in the hello packet is
considered invalid.
• The optional msec keyword specifies that
the following argument will be expressed
in milliseconds, instead of the default
seconds.

Step 6 glbp group timers redirect redirect timeout Configures the time interval during which the
AVG continues to redirect clients to an AVF.
Example:
The default is 600 seconds (10 minutes).
Device(config-if)# glbp 10 timers • The timeout argument specifies the
redirect 1800 28800 interval in seconds before a secondary
virtual forwarder becomes invalid. The
default is 14,400 seconds (4 hours).

Configuring GLBP
6
Configuring GLBP
Customizing GLBP

Command or Action Purpose

Note The zero value for the redirect
argument cannot be removed from
the range of acceptable values
because preexisting configurations
of Cisco IOS software already using
the zero value could be negatively
affected during an upgrade.
However, a zero setting is not
recommended and, if used, results
in a redirect timer that never
expires. If the redirect timer does
not expire, and the device fails, new
hosts continue to be assigned to the
failed device instead of being
redirected to the backup.

Step 7 glbp group load-balancing [host-dependent Specifies the method of load balancing used
| round-robin | weighted] by the GLBP AVG.
Example:

Device(config-if)# glbp 10
load-balancing host-dependent

Step 8 glbp group priority level Sets the priority level of the gateway within a
GLBP group.
Example:
• The default value is 100.
Device(config-if)# glbp 10 priority 254

Step 9 glbp group preempt [delay minimum Configures the device to take over as AVG for
seconds] a GLBP group if it has a higher priority than
the current AVG.
Example:
• This command is disabled by default.
Device(config-if)# glbp 10 preempt delay
minimum 60 • Use the optional delay and minimum
keywords and the seconds argument to
specify a minimum delay interval in
seconds before preemption of the AVG
takes place.

Step 10 glbp group name redundancy-name Enables IP redundancy by assigning a name

to the GLBP group.
Example:
• The GLBP redundancy client must be
Device(config-if)# glbp 10 name abc123 configured with the same GLBP group
name so the redundancy client and the
GLBP group can be connected.

Configuring GLBP
7
 Configuring GLBP
Configuring GLBP MD5 Authentication Using a Key String

Command or Action Purpose

Step 11 exit Exits interface configuration mode, and returns
the device to global configuration mode.
Example:

Device(config-if)# exit

Configuring GLBP MD5 Authentication Using a Key String

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface type number Configures an interface type and enters interface
configuration mode.
Example:

Device(config)# interface GigabitEthernet

1/0/1

Step 4 ip address ip-address mask [secondary] Specifies a primary or secondary IP address for
an interface.
Example:

Device(config-if)# ip address 10.0.0.1

255.255.255.0

Step 5 glbp group-number authentication md5 Configures an authentication key for GLBP
key-string [ 0 | 7] key MD5 authentication.
Example: • The key string cannot exceed 100
characters in length.
Device(config-if)# glbp 1 authentication
md5 key-string d00b4r987654321a • No prefix to the key argument or
specifying 0 means the key is unencrypted.
• Specifying 7 means the key is encrypted.
The key-string authentication key will
automatically be encrypted if the service
password-encryption global configuration
command is enabled.

Configuring GLBP
8
 Configuring GLBP
Configuring GLBP MD5 Authentication Using a Key Chain

Command or Action Purpose

Step 6 glbp group-number ip [ip-address [secondary]] Enables GLBP on an interface and identifies
the primary IP address of the virtual gateway.
Example:

Device(config-if)# glbp 1 ip 10.0.0.10

Step 7 Repeat Steps 1 through 6 on each device that —

will communicate.
Step 8 end Returns to privileged EXEC mode.
Example:

Device(config-if)# end

Step 9 show glbp (Optional) Displays GLBP information.

Example: • Use this command to verify your
configuration. The key string and
Device# show glbp authentication type will be displayed if
configured.

Configuring GLBP MD5 Authentication Using a Key Chain

Perform this task to configure GLBP MD5 authentication using a key chain. Key chains allow a different key
string to be used at different times according to the key chain configuration. GLBP will query the appropriate
key chain to obtain the current live key and key ID for the specified key chain.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 key chain name-of-chain Enables authentication for routing protocols

and identifies a group of authentication keys
Example:
and enters key-chain configuration mode.
Device(config)# key chain glbp2

Step 4 key key-id Identifies an authentication key on a key chain.

Example: • The value for the key-id argument must
be a number.

Configuring GLBP
9
 Configuring GLBP
Configuring GLBP MD5 Authentication Using a Key Chain

Command or Action Purpose

Device(config-keychain)# key 100

Step 5 key-string string Specifies the authentication string for a key

and enters key-chain key configuration mode.
Example:
• The value for the string argument can be
Device(config-keychain-key)# key-string 1 to 80 uppercase or lowercase
abc123 alphanumeric characters; the first
character cannot be a numeral.

Step 6 exit Returns to key-chain configuration mode.

Example:

Device(config-keychain-key)# exit

Step 7 exit Returns to global configuration mode.

Example:

Device(config-keychain)# exit

Step 8 interface type number Configures an interface type and enters

interface configuration mode.
Example:

Device(config)# interface
GigabitEthernet 1/0/1

Step 9 ip address ip-address mask [secondary] Specifies a primary or secondary IP address

for an interface.
Example:

Device(config-if)# ip address 10.21.0.1

255.255.255.0

Step 10 glbp group-number authentication md5 Configures an authentication MD5 key chain
key-chain name-of-chain for GLBP MD5 authentication.
Example: • The key chain name must match the name
specified in Step 3.
Device(config-if)# glbp 1 authentication
md5 key-chain glbp2

Step 11 glbp group-number ip [ip-address Enables GLBP on an interface and identifies

[secondary]] the primary IP address of the virtual gateway.
Example:

Device(config-if)# glbp 1 ip 10.21.0.12

Step 12 Repeat Steps 1 through 10 on each device that —

will communicate.

Configuring GLBP
10
 Configuring GLBP
Configuring GLBP Text Authentication

Command or Action Purpose

Step 13 end Returns to privileged EXEC mode.
Example:

Device(config-if)# end

Step 14 show glbp (Optional) Displays GLBP information.

Example: • Use this command to verify your
configuration. The key chain and
Device# show glbp authentication type will be displayed if
configured.

Step 15 show key chain (Optional) Displays authentication key

information.
Example:

Device# show key chain

Configuring GLBP Text Authentication

Text authentication provides minimal security. Use MD5 authentication if security is required.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface type number Configures an interface type and enters interface
configuration mode.
Example:

Device(config)# interface GigabitEthernet

1/0/1

Step 4 ip address ip-address mask [secondary] Specifies a primary or secondary IP address for
an interface.
Example:

Device(config-if)# ip address 10.0.0.1

255.255.255.0

Configuring GLBP
11
 Configuring GLBP
Configuring GLBP Weighting Values and Object Tracking

Command or Action Purpose

Step 5 glbp group-number authentication text string Authenticates GLBP packets received from
other devices in the group.
Example:
• If you configure authentication, all devices
Device(config-if)# glbp 10 authentication within the GLBP group must use the same
text stringxyz authentication string.

Step 6 glbp group-number ip [ip-address [secondary]] Enables GLBP on an interface and identifies
the primary IP address of the virtual gateway.
Example:

Device(config-if)# glbp 1 ip 10.0.0.10

Step 7 Repeat Steps 1 through 6 on each device that —

will communicate.
Step 8 end Returns to privileged EXEC mode.
Example:

Device(config-if)# end

Step 9 show glbp (Optional) Displays GLBP information.

Example: • Use this command to verify your
configuration.
Device# show glbp

Configuring GLBP Weighting Values and Object Tracking

GLBP weighting is used to determine whether a GLBP group can act as a virtual forwarder. Initial weighting
values can be set and optional thresholds specified. Interface states can be tracked and a decrement value set
to reduce the weighting value if the interface goes down. When the GLBP group weighting drops below a
specified value, the group will no longer be an active virtual forwarder. When the weighting rises above a
specified value, the group can resume its role as an active virtual forwarder.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 track object-number interface type number Configures an interface to be tracked where
{line-protocol |{ip | ipv6} routing} changes in the state of the interface affect the

Configuring GLBP
12
Configuring GLBP
Configuring GLBP Weighting Values and Object Tracking

Command or Action Purpose

Example: weighting of a GLBP gateway, and enters
tracking configuration mode.
Device(config)# track 2 interface
GigabitEthernet 1/0/1 ip routing • This command configures the interface
and corresponding object number to be
used with the glbp weighting track
command.
• The line-protocol keyword tracks
whether the interface is up. The ip
routing keywords also check that IP
routing is enabled on the interface, and
an IP address is configured.

Step 4 exit Returns to global configuration mode.

Example:

Device(config-track)# exit

Step 5 interface type number Enters interface configuration mode.

Example:

Device(config)# interface
GigabitEthernet 1/0/1

Step 6 glbp group weighting maximum [lower lower] Specifies the initial weighting value, and the
[upper upper] upper and lower thresholds, for a GLBP
gateway.
Example:

Device(config-if)# glbp 10 weighting

110 lower 95 upper 105

Step 7 glbp group weighting track object-number Specifies an object to be tracked that affects
[decrement value] the weighting of a GLBP gateway.
Example: • The value argument specifies a reduction
in the weighting of a GLBP gateway
Device(config-if)# glbp 10 weighting when a tracked object fails.
track 2 decrement 5

Step 8 glbp group forwarder preempt [delay Configures the device to take over as AVF for
minimum seconds] a GLBP group if the current AVF for a GLBP
group falls below its low weighting threshold.
Example:
• This command is enabled by default with
Device(config-if)# glbp 10 forwarder a delay of 30 seconds.
preempt delay minimum 60
• Use the optional delay and minimum
keywords and the seconds argument to
specify a minimum delay interval in
seconds before preemption of the AVF
takes place.

Configuring GLBP
13
 Configuring GLBP
Troubleshooting GLBP

Command or Action Purpose

Step 9 exit Returns to privileged EXEC mode.
Example:

Device(config-if)# exit

Step 10 show track [object-number | brief] [interface Displays tracking information.

[brief] | ip route [ brief] | resolution | timers]
Example:

Device# show track 2

Troubleshooting GLBP
GLBP introduces five privileged EXEC mode commands to enable display of diagnostic output concerning
various events relating to the operation of GLBP. The debug condition glbp,debug glbp errors, debug glbp
events, debug glbp packets, and debug glbp terse commands are intended only for troubleshooting purposes
because the volume of output generated by the software can result in severe performance degradation on the
device. Perform this task to minimize the impact of using the debug glbp commands.
This procedure will minimize the load on the device created by the debug condition glbpor debug glbp
command because the console port is no longer generating character-by-character processor interrupts. If you
cannot connect to a console directly, you can run this procedure via a terminal server. If you must break the
Telnet connection, however, you may not be able to reconnect because the device may be unable to respond
due to the processor load of generating the debugging output.

Before you begin

This task requires a device running GLBP to be attached directly to a console.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 no logging console Disables all logging to the console terminal.

Example: • To reenable logging to the console, use
thelogging console command in global
Device(config)# no logging console configuration mode.

Configuring GLBP
14
 Configuring GLBP
Configuration Examples for GLBP

Command or Action Purpose

Step 4 Use Telnet to access a device port and repeat Enters global configuration mode in a recursive
Steps 1 and 2. Telnet session, which allows the output to be
redirected away from the console port.

Step 5 end Exits to privileged EXEC mode.

Example:

Device(config)# end

Step 6 terminal monitor Enables logging output on the virtual terminal.

Example:

Device# terminal monitor

Step 7 debug condition glbp interface-type Displays debugging messages about GLBP
interface-number group [forwarder] conditions.
Example: • Try to enter only specific debug condition
glbp or debug glbp commands to isolate
Device# debug condition glbp the output to a certain subcomponent and
GigabitEthernet 0/0/0 1 minimize the load on the processor. Use
appropriate arguments and keywords to
generate more detailed debug information
on specified subcomponents.
• Enter the specific no debug condition
glbp or no debug glbp command when
you are finished.

Step 8 terminal no monitor Disables logging on the virtual terminal.

Example:

Device# terminal no monitor

Configuration Examples for GLBP

Example: Customizing GLBP Configuration
Device(config)# interface GigabitEthernet 1/0/1
Device(config-if)# ip address 10.21.8.32 255.255.255.0
Device(config-if)# glbp 10 timers 5 18
Device(config-if)# glbp 10 timers redirect 1800 28800
Device(config-if)# glbp 10 load-balancing host-dependent
Device(config-if)# glbp 10 priority 254
Device(config-if)# glbp 10 preempt delay minimum 60

Configuring GLBP
15
 Configuring GLBP
Example: Configuring GLBP MD5 Authentication Using Key Strings

Example: Configuring GLBP MD5 Authentication Using Key Strings

The following example shows how to configure GLBP MD5 authentication using a key string:

Device(config)# interface GigabitEthernet 1/0/1

Device(config-if)# ip address 10.0.0.1 255.255.255.0
Device(config-if)# glbp 2 authentication md5 key-string ThisStringIsTheSecretKey
Device(config-if)# glbp 2 ip 10.0.0.10

Example: Configuring GLBP MD5 Authentication Using Key Chains

In the following example, GLBP queries the key chain “AuthenticateGLBP” to obtain the current live key
and key ID for the specified key chain:

Device(config)# key chain AuthenticateGLBP

Device(config-keychain)# key 1
Device(config-keychain-key)# key-string ThisIsASecretKey
Device(config-keychain-key)# exit
Device(config-keychain)# exit
Device(config)# interface GigabitEthernet 1/0/1
Device(config-if)# ip address 10.0.0.1 255.255.255.0
Device(config-if)# glbp 2 authentication md5 key-chain AuthenticateGLBP
Device(config-if)# glbp 2 ip 10.0.0.10

Example: Configuring GLBP Text Authentication

Device(config)# interface GigabitEthernet 0/0/0
Device(config-if)# ip address 10.21.8.32 255.255.255.0
Device(config-if)# glbp 10 authentication text stringxyz
Device(config-if)# glbp 10 ip 10.21.8.10

Example: Configuring GLBP Weighting

In the following example, the device is configured to track the IP routing state of the POS interface 5/0/0 and
6/0/0, an initial GLBP weighting with upper and lower thresholds is set, and a weighting decrement value of
10 is set. If POS interface 5/0/0 and 6/0/0 go down, the weighting value of the device is reduced.

Device(config)# track 1 interface GigabitEthernet 1/0/1 line-protocol

Device(config)# track 2 interface GigabitEthernet 1/0/3 line-protocol
Device(config)# interface TenGigabitEthernet 0/0/1
Device(config-if)# ip address 10.21.8.32 255.255.255.0
Device(config-if)# glbp 10 weighting 110 lower 95 upper 105
Device(config-if)# glbp 10 weighting track 1 decrement 10
Device(config-if)# glbp 10 weighting track 2 decrement 10

Example: Enabling GLBP Configuration

In the following example, the device is configured to enable GLBP, and the virtual IP address of 10.21.8.10
is specified for GLBP group 10:

Device(config)# interface GigabitEthernet 0/0/0

Device(config-if)# ip address 10.21.8.32 255.255.255.0
Device(config-if)# glbp 10 ip 10.21.8.10

Configuring GLBP
16
 Configuring GLBP
Additional References for GLBP

Additional References for GLBP

Related Documents

Related Topic Document Title

GLBP commands: complete command syntax, command Cisco IOS IP Application Services Command
mode, command history, defaults, usage guidelines, and Reference
examples.

Key chains and key management commands: complete Cisco IOS IP Routing Protocol-Independent
command syntax, command mode, command history, Command Reference
defaults, usage guidelines, and examples

Object tracking "Configuring Enhanced Object Tracking" module

VRRP "Configuring VRRP" module

HSRP "Configuring HSRP" module

Technical Assistance

Description Link

The Cisco Support and Documentation website provides http://www.cisco.com/cisco/web/support/index.html

online resources to download documentation, software,
and tools. Use these resources to install and configure
the software and to troubleshoot and resolve technical
issues with Cisco products and technologies. Access to
most tools on the Cisco Support and Documentation
website requires a Cisco.com user ID and password.

Feature Information for GLBP

The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Configuring GLBP
17
 Configuring GLBP
Glossary

Table 1: Feature Information for GLBP

Feature Name Releases Feature Configuration Information

Gateway Load GLBP protects data traffic from a failed router or circuit, like HSRP and
Balancing VRRP, while allowing packet load sharing between a group of redundant
Protocol routers.
In Cisco IOS Release Cisco IOS XE Release 3.6E, this feature is supported
on the following platforms:
• Cisco 5760 Wireless LAN Controller

The following commands were introduced or modified by this feature: glbp

forwarder preempt, glbp ip , glbp load-balancing , glbp name, glbp
preempt , glbp priority , glbp timers , glbp timers redirect, glbp
weighting , glbp weighting track, show glbp.

GLBP MD5 Cisco IOS MD5 authentication provides greater security than the alternative plain text
Authentication XE 3.6E authentication scheme. MD5 authentication allows each GLBP group
member to use a secret key to generate a keyed MD5 hash that is part of
the outgoing packet. A keyed hash of an incoming packet is generated and,
if the hash within the incoming packet does not match the generated hash,
the packet is ignored.
In Cisco IOS Release Cisco IOS XE Release 3.6E, this feature is supported
on the following platforms:
• Cisco 5760 Wireless LAN Controller

The following commands were modified by this feature: glbp

authentication, show glbp.

Glossary
active RP—The Route Processor (RP) controls the system, provides network services, runs routing protocols
and presents the system management interface.
AVF—active virtual forwarder. One virtual forwarder within a GLBP group is elected as active virtual
forwarder for a specified virtual MAC address, and it is responsible for forwarding packets sent to that MAC
address. Multiple active virtual forwarders can exist for each GLBP group.
AVG—active virtual gateway. One virtual gateway within a GLBP group is elected as the active virtual
gateway, and is responsible for the operation of the protocol.
GLBP gateway—Gateway Load Balancing Protocol gateway. A router or gateway running GLBP. Each
GLBP gateway may participate in one or more GLBP groups.
GLBP group—Gateway Load Balancing Protocol group. One or more GLBP gateways configured with the
same GLBP group number on connected Ethernet interfaces.
NSF—nonstop forwarding. The ability of a router to continue to forward traffic to a router that may be
recovering from a failure. Also, the ability of a router recovering from a failure to continue to correctly forward
traffic sent to it by a peer.

Configuring GLBP
18
Configuring GLBP
Glossary

RP—Route Processor. A generic term for the centralized control unit in a chassis. Platforms usually use a
platform-specific term, such as RSP on the Cisco 7500, the PRE on the Cisco 10000, or the SUP+MSFC on
the Cisco 7600.
RPR—Route Processor Redundancy. RPR provides an alternative to the High System Availability (HSA)
feature. HSA enables a system to reset and use a standby Route Processor (RP) if the active RP fails. Using
RPR, you can reduce unplanned downtime because RPR enables a quicker switchover between an active and
standby RP if the active RP experiences a fatal error.
RPR+—An enhancement to RPR in which the standby RP is fully initialized.
standby RP—An RP that has been fully initialized and is ready to assume control from the active RP should
a manual or fault-induced switchover occur.
switchover—An event in which system control and routing protocol execution are transferred from the active
RP to the standby RP. Switchover may be a manual operation or may be induced by a hardware or software
fault. Switchover may include transfer of the packet forwarding function in systems that combine system
control and packet forwarding in an indivisible unit.
vIP—virtual IP address. An IPv4 address. There must be only one virtual IP address for each configured
GLBP group. The virtual IP address must be configured on at least one GLBP group member. Other GLBP
group members can learn the virtual IP address from hello messages.

Configuring GLBP
19
 Configuring GLBP
Glossary

Configuring GLBP
20